CVE-2017-6206

HIGH

D-Link Websmart DGS-1510 Series Firmware < 1.31.b001 - Unauthenticated Information Disclosure

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-6206. PoCs published by Varang Amin, varangamin, varangjamin.

AI-analyzed exploit summary: The exploit consists of two Python scripts targeting D-Link devices. The first script retrieves user account information via an unauthenticated HTTP request, while the second adds a new admin user by exploiting an authentication bypass vulnerability.

Description

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Varang Amin · python · webapps · hardware
https://www.exploit-db.com/exploits/41662

The exploit consists of two Python scripts targeting D-Link devices. The first script retrieves user account information via an unauthenticated HTTP request, while the second adds a new admin user by exploiting an authentication bypass vulnerability.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: D-Link devices (specific model/version not specified)
No auth needed
Prerequisites: Network access to the target device · Target device must be vulnerable to CVE-2017-6206
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by varangamin · poc
https://github.com/varangamin/CVE-2017-6206

This PoC exploits an authentication bypass vulnerability in D-Link DGS-1510 switches to add a new admin user without authentication. It includes scripts to retrieve user information and add a user via unauthenticated HTTP requests.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: D-Link DGS-1510 Websmart switch series firmware
No auth needed
Prerequisites: Network access to the target switch · Knowledge of the target IP address
devstral-2 · analyzed Feb 16, 2026

gitlab WORKING POC
by varangjamin · poc
https://gitlab.com/varangjamin/CVE-2017-6206

This repository contains functional exploit code for CVE-2017-6206, demonstrating an unauthenticated command bypass and information disclosure vulnerability in D-Link DGS-1510 Websmart switches. The exploit adds a new admin user without authentication.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: D-Link DGS-1510 Websmart switch series firmware
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 23, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41662/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96393
Various Sources x_refsource_misc
https://github.com/varangamin/CVE-2017-6206

Scores

CVSS v3 7.5
EPSS 0.1621
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-200
Status: published
Products (1): dlink/websmart_dgs-1510_series_firmware < 1.31.b001
Published: Feb 23, 2017
Tracked Since: Feb 18, 2026